diff --git a/filter_plugins/util.py b/filter_plugins/util.py
deleted file mode 100644
index af5d1b7..0000000
--- a/filter_plugins/util.py
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/usr/bin/python
-
-class FilterModule(object):
-    '''Helper filters to make Ansible less unpleasant'''
-    def filters(self):
-        return {
-            'defaultattr': self.defaultattr,
-            'list2dict': self.list2dict,
-        }
-
-    def defaultattr(self, objects, attr, val=None):
-        '''
-        Set a default value if the given attribute is not defined for an object.
-        '''
-        yield from (obj | { attr: obj.get(attr, val) } for obj in objects)
-
-    def list2dict(self, items, key):
-        '''
-        Like items2dict but keep entire dictionaries as values.
-        '''
-        return {item[key]: item for item in items}
diff --git a/roles/alpine/templates/interfaces.j2 b/roles/alpine/templates/interfaces.j2
index 021e564..2c883ed 100644
--- a/roles/alpine/templates/interfaces.j2
+++ b/roles/alpine/templates/interfaces.j2
@@ -1,21 +1,9 @@
-{# Loopback interface must be present so define it here if none exists. #}
-{% if interfaces | rejectattr("name", "==", "lo") %}
 auto lo
 iface lo inet loopback
 
-{% endif -%}
-
-{# Skip disabled and OOB management interfaces. #}
-{# For VMs we have to set the attribute manually (to false) so rejectattr works. #}
-{% for iface in interfaces
-    | defaultattr('mgmt_only')
-    | rejectattr('mgmt_only')
-    | selectattr('enabled') %}
+{% for iface in interfaces | selectattr('enabled') %}
 auto {{ iface.name }}
-iface {{ iface.name }} inet {% if iface.name == "lo" %}loopback{% else %}static{% endif +%}
-{% if iface.mtu %}
-    mtu {{ iface.mtu }}
-{% endif %}
+iface {{ iface.name }} inet static
 {% for address in iface.ip_addresses %}
     address {{ address.address }}
 {% if address.family.value == 4 %}
@@ -33,6 +21,4 @@ iface {{ iface.name }} inet {% if iface.name == "lo" %}loopback{% else %}static{
     pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
 {% endif %}
 
-{% endfor -%}
-
-source-directory /etc/network/interfaces.d
+{% endfor %}
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index bfeaeee..d902df2 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -16,13 +16,6 @@
       - certbot
       - nginx
 
-- name: Don’t enable old TLS versions
-  lineinfile:
-    path: /etc/nginx/nginx.conf
-    regex: '(\s+ssl_protocols\s.*)'
-    backrefs: yes
-    line: '#\1'
-
 - name: Create HTTP server directories
   file:
     path: /srv/http/.well-known